Reliability, Availability and Safety of Electronic Control Systems
S5-115F Manual
9.3.2
Safe Binary Outputs
Safe outputs are dual-channel in one of the following ways:
•
Both poles (e.g. +-) of the signal to the load are switched
•
Two interface relays are controlled, which in turn also switch both poles of the signal to the
load. Errors are recognized by reading back separate inputs and by comparing the inputs.
Comparison of readback inputs is sufficient for outputs which change their status frequently. In
the case of output statuses which change infrequently, a check pulse is output and read back
additionally in the supplementary test.
The 0 signal, which occurs in the event of wire break or power failure, must shut down all the
command actuators of the process (examples: ON command for a motor must be active with ”1”,
ON command for a brake must be active with ”0”).
9-6
EWA 4NEB 811 6148-02